What can you do about inclusion as a corporate compliance officer?
That is: you see everything that is going on and you are horrified and saddened. Your are proud of the strong statement your company made about standing with the Black community, but you also know that inequality and racial justice is a profoundly deep problem that requires strategy and accountability to address—and you are not sure what, if anything, you can do.
Big-picture, know that you do have a strategic role in this as a corporate compliance officer. I know it's easy to think of ourselves as on the sidelines in a time like this, but consider that you might be in this job at this time for exactly this purpose.
To that end, we’re going to cover two practical things you can do—right now—using the unique authority and access you have through your position as a corporate compliance officer, to advance inclusion in your company and in the broader compliance community.
#1: Use your Board of Directors’ oversight liability to put inclusion on the agenda.
First, one of the biggest assets you have as a compliance officer is the fact that your Board of Directors has duty-of-oversight liability for compliance. This means that they have a personal stake in your metrics that they don’t have with many other folks who report out to them.
This is true even if we acknowledge that the standard for oversight liability is generally pretty high, because “some risk of liability” is still more than “no risk of liability.” If you have a project that has a 15% chance of getting you sued and another that has a 0% chance, I promise you’ll pay more attention to the first one.
So, one practical thing you can do is to reach out to your company’s D&I officer and ask if you can book some time with them to discuss if there are any metrics that they would like to start including in your board reports—so those metrics get reviewed together with yours.
Because if your company is making statements on this, it’s stating an ethical position—and the “compliance” part of your "ethics and compliance" job is all about making sure the company’s behavior conforms to its ethics. That's what "compliance" means.
This does not mean you'll own these metrics (your D&I officer will), or that your D&I officer won't separately report them in their own board sessions. It simply means that when you talk about having an ethics and compliance culture, you include these metrics in that discussion so your Board has a holistic view of where things are.
Of course, your D&I officer is going to probably get a lot of time in front of your board right now anyway. That's fine: the point isn't immediate access (they'll have that now if they didn't before), but reframing inclusion so it is viewed along with what the Board considers its oversight duty. That ensures key metrics of inclusion are part of the Board's long-term agenda—because they're part of the report with the stuff that can get them in legal trouble—and not just something that gets attention in a moment of crisis.
And yes: inclusion is more than metrics and numbers, just like ethics and compliance is more than metrics and numbers.
But it sure isn’t less than metrics and numbers, because metrics and numbers—though incomplete on their own—drive accountability, especially when they are monitored by a Board of Directors. And that is doubly true when they are monitored in alongside metrics of the Board's oversight liability; it frames them as a priority instead of a nice-to-have.
This is our first practical thing.
#2: Use your budget to support compliance businesses and firms owned by people of color.
Second, another big asset you have as a compliance officer is your authority to spend money. So our second practical thing is to use that money to support law firms and consultancies and businesses that are owned by people of color. While our first practical thing helps you advance inclusion at your company, this helps you advance it within the broader compliance ecosystem.
Practically, this means taking steps to actively seek these companies out when you do not have a need. This is because when you do have a need, you are most likely to fall back on your existing network, and odds are they are going to look like you.
We all do this, because this is the regular way the human brain works: we like shortcuts and we hate having too many options, so we just want to get it done and move on and that means calling whomever we already know. The net effect is to exclude people of color who are not already in our networks. You aren’t intending to do it, but that’s not really the point—it happens anyway.
Reaching out now is a way to be deliberate about this. You learn about what they do for when you have a need, and you have someone to refer your friends to when they have a need.
How do you do this? Be active on LinkedIn and go to events where you can meet new people who aren't already in your network. (Trust me, I'm mega introverted—you can do it, and a lot of it is just being open to connections.)
To get you started, here are five firms and consultancies that you can reach out to right now, along with their sites (if we knew that they had one) and their services:
Services: Program design, due diligence/supply chain management, Code/policy development, risk assessment/mitigation plans, training and engagement, internal investigations.
Follow Asha Palmer, its founder, here on LinkedIn. She was formerly at the Department of Justice and in-house compliance for US and Emirati companies in the United Arab Emirates.
Services: Program design, program assessment/evaluation, training, communication and branding.
Follow Nichole Pitts, its founder, here on LinkedIn. She was formerly in-house compliance in the US and France, including being in charge of international compliance for Louis Berger.
Services: Boutique compliance law firm on governance, program assessment, due diligence, M&A and post-transaction integration planning/oversight. Focus on antitrust, anticorruption, cybersecurity, and third party risk. Coaching of female compliance leaders through the Intuitive CCO brand.
Follow Gaye Montgomery, its founder, here on LinkedIn. She was formerly the Head of the Global Compliance Practice group at Altria.
GSRC Integrity Consulting Corporation Limited (Bahamas)
Services: Consulting, focused on financial services industry.
Follow and connect with Iris Neely, its founder, here on LinkedIn. She was formerly in-house at multiple banks including JP Morgan and Citi.
ParaMetric Global Consulting (UK)
Services: Consulting, training, speaking.
Follow and connect with Lloydette Bai-Marrow, its founder, here on LinkedIn. She was formerly with the Crown Prosecution Service and Serious Fraud Office.
This is obviously a very partial and incomplete list, and I went back and forth on whether to add commentary—we know some of these women quite well—but they don't need our endorsement and I didn't want to detract from their work with a clumsy blurb.
Their work speaks for itself, on its own terms, as you'll see when you click through. If you do nothing else today, do that. It's a place to start.